AWS managedservices documentation change
Summary
Modified security control 6.11 to allow cross-account policies with write access to third-party accounts if risk acceptance is obtained.
Security assessment
This change updates a security control by introducing a formal exception process (risk acceptance) for a previously prohibited configuration. It adds to security documentation by defining a governance process, but does not indicate a fix for a specific security vulnerability.
Diff
diff --git a/managedservices/latest/userguide/ams-sec-stand-controls.md b/managedservices/latest/userguide/ams-sec-stand-controls.md index 07c4d707b..849c50a2d 100644 --- a//managedservices/latest/userguide/ams-sec-stand-controls.md +++ b//managedservices/latest/userguide/ams-sec-stand-controls.md @@ -177 +177 @@ ID | Technical standard -6.11 | Cross-account policies to access any S3 bucket data or resources where data can be stored (such as Amazon RDS, Amazon DynamoDB, or Amazon Redshift) in a third-party account from an AMS account with write access must not be configured. +6.11 | Cross-account policies to access any S3 bucket data or resources where data can be stored (such as Amazon RDS, Amazon DynamoDB, or Amazon Redshift) in a third-party account from an AMS account with write access must not be configured without risk acceptance.